Call it the third-oldest profession. Consultants have been with us since the days of cave paintings, and over that time they've learned a few tricks to extract money from their clients.

IT consultants are among the most slippery of the bunch. Among their favorite tricks: Using "scope change" to line their pockets, claiming expertise they do not actually possess, promising you their superstars and then sending in the rookies, purposely delaying decisions and sowing confusion as they rack up billable hours, and collecting kickbacks from other service providers. The worst ones may even hold your company's intellectual property or systems hostage until you pay up.

Not all consultants are like this, of course. We talked to several upstanding members of the profession about the worst tricks their ethically challenged colleagues try to pull and how IT can avoid becoming snared by them.

Of course, the client side often shares the blame, says Steven A. Lowe, CEO of Innovator LLC, a consulting and custom software development firm. Most consultant-client conflict stems from a lack of honest communication.

"The client expects the consultant to magically solve all of their problems without further input beyond the initial consultation session," Lowe says. "The consultant expects the client to tell them everything relevant, and fails to ask the appropriate and serious/hard questions. I call this the 'fairy godmother' problem, as each side expects the other to magically know when and how to rescue the other."

Here some of some of the worst tricks to watch out for. Don't say you haven't been warned.

Dirty consultant trick No. 1: Bidding low, billing high

This trick is as old as the hills. Consulting firms deliberately underbid to win your business, hoping to make it up via additional fees due to scope change and "customization." By the time the real bill surfaces, you'll be so invested in the project and/or the firm that it will seem cheaper to simply pay it and move on.

One reason is that if a service provider offers a realistic cost estimate, it will likely lose out to other firms that lowball it, says Steve Bogner, managing partner for Insight Consulting Partners.

"Most consulting firms know at the time they place their bid that the scope is too small for the results the clients want," he says. "But if they put in a bid to cover an expanded scope, they will lose."

Even if the consulting firm's bid hits all the key parts of your RFP (request for proposal), there's still plenty of flexibility when they drill down to how your requirements will be implemented, says Mike Meikle, CEO of the Hawkthorne Group, a boutique management and technology consulting firm.

"Since these requirements are all at a high level and subject to drastic change, firms use this knowledge as leverage for far higher fees -- usually $200 an hour or more," he adds.

The fix: Build some flexibility into your RFP, says Meikle.

"There should be an amount of leeway in the requirements/scope to avoid the 'out of scope' clause being used and additional charges from being incurred," he says. "How flexible the vendor is with this process should factor heavily in whether you select them to do the work."

Dirty consultant trick No. 2: Bringing in the B team

You thought you hired the New York Yankees. But when it comes time to actually do the work, you get the Scranton Yankees.

One of the classic dirty tricks big services firms pull is to bring their best and brightest to the sales meetings to close the deal, then send in newbies fresh out of school to do the actual work, says Diana Kelley, a partner with research and consulting firm SecurityCurve. Worse, they may still charge you premium rates for staffers with minimal experience.

"Staffing with less experienced employees is fine as long as the customer knows what they're getting and aren't being charged senior staff rates for junior staffers," Kelley says, "Unfortunately, that's not always the case; some companies staff with low experience but bill at high."

A similar technique is also used when responding to RFPs, says Meikle.

"Consulting firms will pack their responses with all their top consultants' résumés," he says. "Then, when they win the assignment and sign the contract with the client, none of those top people are actually involved in the contract. Sometimes the résumés themselves are of consultants who either no longer work for the firm or who have never actually been an employee."

The fix: Be sure to meet the key team members who will be handling your project and ensure that they match up to the résumés that were provided, says Meikle. Also, stipulate in the contract that these are the people the vendor promised to provide.

"If they do not deliver these resources, add either a penalty or a means to acquire a resource with a comparable skill set," he says. "Normally, just requesting to meet the proposed team will disqualify some vendors due to their inability to present them to you."

Dirty consultant trick No. 3: Stall tactics

It's true that Rome wasn't built in a day -- but it would have taken even longer if the workers had been paid by the hour. The longer things take, the more consultants make, which is why allowing indecisiveness to fester is a key tactic used to string out projects, says Patrick Gray, president of Prevoyance Group, a business strategy consulting company.

"When you have a large consulting team that helps manage an IT project, they can sabotage budgets and burn cash simply by enabling indecisiveness and allowing low-level analysts to accept any and all scope changes," he says. "Billable hours tick by unchecked as the consulting team dutifully schedules endless meetings and stands idly by as a three-day decision drags into a multimonth debate."

"While most consulting companies really do want you to succeed, there is always an inherent conflict in the relationship," he says. "As your project drags on and your revenue goes down, the consulting company's revenue goes up. You are always going to do the best job protecting your interests, so don't outsource that task."

Dirty consultant trick No. 4: Taking hostages

You hire an outside firm to write some custom software, develop a website, or manage your infrastructure. Months later you decide to go with a different provider and discover you don't actually own the source code, the domain name, or the passwords to your network -- your services firm does. Sometimes the only solution is to pay the ransom or threaten to sue.

"I rescued a client recently from another company that was hosting servers for them containing their financial and personnel files, Exchange database, intranet -- the works," says Jeff Pagano, owner of cloud IT services firm Iconic Consulting. "This rotten apple was not happy about being dumped and was holding the client's data hostage until his demands were met. We had to get the client's lawyers involved before the consultant agreed to release the data, and then it was in a proprietary format. We ended up eating the cost of getting this data restored and into our data center."

Howard Sherman, founder of tech support and Web design firm RoyalGeeks.com, says the "we own you" strategy is the single worst tactic pulled by consulting scoundrels. He cites the experience of one RoyalGeeks client that was left high and dry by a former Web developer who was "cruel to the point of pure evil."

"The client had to register a whole new domain name and seek new Web hosting services because access to his own website and domain name was rendered impossible," he says. "Even worse, the contract stated that the entire site design -- including the databases driving the back end -- remained the developer's intellectual property. The business didn't legally own its own website. We had to push the reset button and redo everything from scratch."

The fix: First, carefully screen the consulting firm to make sure you're not hiring a scoundrel, says Sherman. Then make sure that ownership of any intellectual property or domains created by the consultant is clearly spelled out in the contract and demand copies of all documentation, including log-ins and licensing information.